[ca-certificates/f19] * Wed Mar 27 2013 Kai Engert <kaie at redhat.com> - 2012.87-10.0 - Use both label and serial to identif
Kai Engert
kengert at fedoraproject.org
Tue Mar 26 23:31:54 UTC 2013
commit f5bd74372e8f65e363494b8d4f5db81fa8ffb14d
Author: Kai Engert <kaie at redhat.com>
Date: Wed Mar 27 00:31:44 2013 +0100
* Wed Mar 27 2013 Kai Engert <kaie at redhat.com> - 2012.87-10.0
- Use both label and serial to identify cert during conversion, rhbz#927601
ca-certificates.spec | 5 ++++-
certdata2pem.py | 22 +++++++++++++---------
2 files changed, 17 insertions(+), 10 deletions(-)
---
diff --git a/ca-certificates.spec b/ca-certificates.spec
index 91b7324..df39b74 100644
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@@ -27,7 +27,7 @@ Name: ca-certificates
# because all future versions will start with 2013 or larger.)
Version: 2012.87
-Release: 9%{?dist}.1
+Release: 10.0%{?dist}
License: Public Domain
Group: System Environment/Base
@@ -271,6 +271,9 @@ fi
%changelog
+* Wed Mar 27 2013 Kai Engert <kaie at redhat.com> - 2012.87-10.0
+- Use both label and serial to identify cert during conversion, rhbz#927601
+
* Tue Mar 19 2013 Kai Engert <kaie at redhat.com> - 2012.87-9.fc19.1
- adjust to changed and new functionality provided by p11-kit 0.17.3
- updated READMEs to describe the new directory-specific treatment of files
diff --git a/certdata2pem.py b/certdata2pem.py
index b52e031..aa1ac97 100644
--- a/certdata2pem.py
+++ b/certdata2pem.py
@@ -29,6 +29,9 @@ import urllib
objects = []
+def printable_serial(obj):
+ return ".".join(map(lambda x:str(ord(x)), obj['CKA_SERIAL_NUMBER']))
+
# Dirty file parser.
in_data, in_multiline, in_obj = False, False, False
field, type, value, obj = None, None, None, dict()
@@ -85,18 +88,18 @@ trustmap = dict()
for obj in objects:
if obj['CKA_CLASS'] != 'CKO_NSS_TRUST':
continue
- label = obj['CKA_LABEL']
- trustmap[label] = obj
- print " added trust", label
+ key = obj['CKA_LABEL'] + printable_serial(obj)
+ trustmap[key] = obj
+ print " added trust", key
# Build up cert database.
certmap = dict()
for obj in objects:
if obj['CKA_CLASS'] != 'CKO_CERTIFICATE':
continue
- label = obj['CKA_LABEL']
- certmap[label] = obj
- print " added cert", label
+ key = obj['CKA_LABEL'] + printable_serial(obj)
+ certmap[key] = obj
+ print " added cert", key
def obj_to_filename(obj):
label = obj['CKA_LABEL'][1:-1]
@@ -106,7 +109,7 @@ def obj_to_filename(obj):
.replace(')', '=')\
.replace(',', '_')
label = re.sub(r'\\x[0-9a-fA-F]{2}', lambda m:chr(int(m.group(0)[2:], 16)), label)
- serial = ".".join(map(lambda x:str(ord(x)), obj['CKA_SERIAL_NUMBER']))
+ serial = printable_serial(obj)
return label + ":" + serial
trust_types = {
@@ -137,7 +140,8 @@ openssl_trust = {
for tobj in objects:
if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST':
- print "producing trust for " + tobj['CKA_LABEL']
+ key = tobj['CKA_LABEL'] + printable_serial(tobj)
+ print "producing trust for " + key
trustbits = []
distrustbits = []
openssl_trustflags = []
@@ -154,7 +158,7 @@ for tobj in objects:
fname = obj_to_filename(tobj)
try:
- obj = certmap[tobj['CKA_LABEL']]
+ obj = certmap[key]
except:
obj = None
More information about the scm-commits
mailing list